Here is the ComboFix report:
ComboFix 08-09-05.12 - v 2008-09-09 22:46:42.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.638 [GMT 2:00]
Running from: D:\ComboFix.exe
- Created a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\btfunc.dll
.
((((((((((((((((((((((((((((( Files Created from 2008-08-09 to 2008-09-09 ))))))))))))))))))))))))))))))))))))
.
2008-09-04 18:28 . 2008-09-04 18:28 d-------- C:\Program Files\Trend Micro
2008-09-04 17:58 . 2008-09-04 17:58 d-------- C:\Program Files\Alex Feinman
2008-09-04 17:52 . 2008-09-04 17:52 94,208 --a------ C:\WINDOWS\system32\ohunydot.exe
2008-09-04 14:39 . 2008-09-04 14:39 d-------- C:\Program Files\Malwarebytes’ Anti-Malware
2008-09-04 14:39 . 2008-09-04 14:39 d-------- C:\Documents and Settings\v\Application Data\Malwarebytes
2008-09-04 14:39 . 2008-09-04 14:39 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-04 14:39 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-04 14:39 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-04 14:29 . 2008-09-04 18:33 d-------- C:\Documents and Settings\All Users\Application Data\ypkruxyz
2008-09-04 14:29 . 2008-09-04 14:29 94,208 --a------ C:\WINDOWS\system32\wluluheb.exe
2008-09-04 14:28 . 2008-09-04 15:46 d-------- C:\Program Files\SAV
2008-09-04 14:28 . 2008-09-04 14:28 0 --a------ C:\WINDOWS\JCMKR32.INI
2008-09-03 13:41 . 2004-08-05 06:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-03 13:17 . 2008-09-03 13:17 d-------- C:\WINDOWS\system32\fr
2008-09-03 13:17 . 2008-09-03 13:17 d-------- C:\WINDOWS\system32\bits
2008-09-03 13:17 . 2008-09-03 13:17 d-------- C:\WINDOWS\l2schemas
2008-09-03 13:12 . 2008-09-03 13:17 d-------- C:\WINDOWS\ServicePackFiles
2008-09-03 13:01 . 2008-09-03 13:01 d-------- C:\WINDOWS\EHome
2008-09-03 03:49 . 2004-08-04 00:38 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-16 23:38 . 2008-04-11 21:05 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-09 10:20 --------- d-----w C:\Documents and Settings\v\Application Data\Azureus
2008-09-04 12:24 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-02 10:39 --------- d-----w C:\Program Files\eMule
2008-09-02 10:37 --------- d-----w C:\Program Files\Microsoft Works
2008-09-02 10:35 --------- d-----w C:\Program Files\CyberLink
2008-09-02 10:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-02 10:34 --------- d-----w C:\Program Files\QuickTime Alternative
2008-08-30 20:46 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-17 13:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-09 12:44 --------- d-----w C:\Program Files\Java
2008-07-27 18:34 --------- d-----w C:\Program Files\Picasa2
2008-07-27 18:33 --------- d-----w C:\Program Files\Google
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:44 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:21 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:21 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:47 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:47 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-27 13:37 1,630 ----a-w C:\Documents and Settings\v\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note: empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"dscactcfg"="C:\WINDOWS\system32\wluluheb.exe" [2008-09-04 94208]
"HlpUi"="C:\WINDOWS\system32\ohunydot.exe" [2008-09-04 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-18 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-18 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-18 114688]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-10-11 462848]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 385024]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ACU"="C:\Program Files\Atheros\ACU.exe" [2005-01-31 253952]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 16:16 171464 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"=
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"C:\Program Files\Windows Live\Messenger\livecall.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 78208]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-09-02 38528]
S3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-04-01 162176]
Newly Created Service - CATCHME
Newly Created Service - INT15.SYS
Newly Created Service - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\v\Application Data\Mozilla\Firefox\Profiles\01yxniv7.default
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.fr…
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-09-09 22:48:46
Windows 5.1.2600 Service Pack 3 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
Hidden files: 0
.
Completion time: 2008-09-09 22:51:56
ComboFix-quarantined-files.txt 2008-09-09 20:51:00
Pre-Run: 12,875,431,936 bytes free
Post-Run: 12,859,293,696 bytes free
166 --- E O F --- 2008-09-03 16:30:07
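The two HKCU Run entries in the log above ("dscactcfg" and "HlpUi") point at 94,208-byte executables with random-looking names, both created on 2008-09-04 directly in system32, which is the first thing a responder would pull out of this report. As an added example, not part of the original post and not ComboFix's own code, here is a small Python triage script that parses the Run-key section of a ComboFix log and scores each entry on exactly those clues: a file date inside the scan window, a binary sitting directly in system32, a value name unrelated to the file name, and a second entry with the same date and size (a cloned dropper). The sample lines are copied from the log above with the HKLM section abbreviated; the weights, the 31-day window and the flag threshold of 3 are my own assumptions, not anything ComboFix computes.

```python
import re
from collections import Counter
from datetime import date, timedelta

# Sample input: Run-key lines copied from the ComboFix log above (straight
# quotes restored). The HKLM section is abbreviated to a few representative
# entries; the scoring weights and the 3-point threshold are my own choices.
SAMPLE_LOG = r'''
ComboFix 08-09-05.12 - v 2008-09-09 22:46:42.1 - NTFSx86
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"dscactcfg"="C:\WINDOWS\system32\wluluheb.exe" [2008-09-04 94208]
"HlpUi"="C:\WINDOWS\system32\ohunydot.exe" [2008-09-04 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-18 94208]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 C:\WINDOWS\RTHDCPL.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
'''

# "name"="path" [yyyy-mm-dd size]   or   "name"="file" [yyyy-mm-dd resolved-path]
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<rest>[^\]]+)\]$')


def scan_date_from_header(text):
    """Pull the scan date out of the 'ComboFix ... - v YYYY-MM-DD' header line."""
    m = re.search(r"^ComboFix \S+ - v (\d{4}-\d{2}-\d{2})", text, re.M)
    if not m:
        raise ValueError("ComboFix header with scan date not found")
    return date.fromisoformat(m.group(1))


def parse_run_entries(text):
    """Return the entries under any ...\\CurrentVersion\\Run key as dicts."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[HK"):
            key = line.strip("[]")
            continue
        m = ENTRY_RE.match(line)
        if not m or key is None or not key.lower().endswith(r"currentversion\run"):
            continue
        path, size = m["path"], None
        if m["rest"].isdigit():
            size = int(m["rest"])
        else:
            path = m["rest"]  # ComboFix printed the resolved path instead of a size
        entries.append({"key": key, "name": m["name"], "path": path,
                        "date": date.fromisoformat(m["date"]), "size": size})
    return entries


def _stem(path):
    """'C:\\WINDOWS\\system32\\wluluheb.exe' -> 'wluluheb'"""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def _shares_substring(a, b, n=3):
    """True if any n-character run of a appears in b (case-insensitive)."""
    a, b = a.lower(), b.lower()
    return any(a[i:i + n] in b for i in range(len(a) - n + 1))


def score_entries(entries, scan_date, window_days=31):
    """Attach a heuristic score and the reasons behind it to each Run entry."""
    cutoff = scan_date - timedelta(days=window_days)
    twins = Counter((e["date"], e["size"]) for e in entries if e["size"])
    weights = {"fresh": 2, "system32": 1, "unrelated": 1, "twin": 1}  # assumed weights
    for e in entries:
        reasons = []
        if e["date"] >= cutoff:                                            # fresh binary
            reasons.append(("fresh", f"file dated {e['date']}, inside the {window_days}-day window"))
        if e["path"].lower().rsplit("\\", 1)[0] == r"c:\windows\system32":  # dropped in system32
            reasons.append(("system32", "executable sits directly in system32"))
        if not _shares_substring(e["name"], _stem(e["path"])):            # name says nothing
            reasons.append(("unrelated", f"value name {e['name']!r} unrelated to file name"))
        if e["size"] and twins[(e["date"], e["size"])] > 1:               # cloned dropper
            reasons.append(("twin", f"same date and size ({e['size']} bytes) as another entry"))
        e["score"] = sum(weights[tag] for tag, _ in reasons)
        e["reasons"] = [msg for _, msg in reasons]
    return entries


def triage(text, threshold=3):
    """Parse a ComboFix log and return the Run entries scoring at or above threshold."""
    entries = score_entries(parse_run_entries(text), scan_date_from_header(text))
    return sorted((e for e in entries if e["score"] >= threshold),
                  key=lambda e: -e["score"])


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e['score']}] {e['name']!r} -> {e['path']}")
        for r in e["reasons"]:
            print("     -", r)
```

Run against the sample, the two random-named system32 entries score 5 each and come out on top, while ctfmon.exe and igfxtray.exe (old, well-known, matching names) stay at 1 and the vendor entries at 0 or 1. The script ranks, it does not convict: the reasons are printed next to the score so a human can confirm each one against the "Files Created" section of the same log before deciding what to remove.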
Hey guigui14100!
Is there nothing more to do...?! Because I still get that window...
If anyone knows how to fix it, they're welcome!
I really need a hand, because when avast starts detecting a virus, it's worrying...
Is nobody there?
Edited on 11/09/2008 at 16:50